Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,778
Erlang
36
GitHub Actions
29
Go
2,336
Maven
5,000+
npm
3,971
NuGet
713
pip
3,769
Pub
12
RubyGems
923
Rust
976
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,533 advisories

Loading
The Avada Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all... High Unreviewed
CVE-2024-13345 was published Feb 13, 2025
JSONPath Plus allows Remote Code Execution High
CVE-2025-1302 was published for jsonpath-plus (npm) Feb 15, 2025
The PressMart - Modern Elementor WooCommerce WordPress Theme theme for WordPress is vulnerable to... High Unreviewed
CVE-2024-13797 was published Feb 18, 2025
Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary... High Unreviewed
CVE-2025-25944 was published Feb 20, 2025
Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary... High Unreviewed
CVE-2025-25943 was published Feb 20, 2025
The WooCommerce Food - Restaurant Menu & Food ordering plugin for WordPress is vulnerable to... High Unreviewed
CVE-2024-13792 was published Feb 20, 2025
PHPJabbers Restaurant Booking System v3.0 is vulnerable to CSV Injection vulnerability which... High Unreviewed
CVE-2023-51313 was published Feb 20, 2025
IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local... High Unreviewed
CVE-2025-0161 was published Feb 20, 2025
The The Show Me The Cookies plugin for WordPress is vulnerable to arbitrary shortcode execution... High Unreviewed
CVE-2025-1509 was published Feb 22, 2025
The The Custom Post Type Date Archives plugin for WordPress is vulnerable to arbitrary shortcode... High Unreviewed
CVE-2025-1510 was published Feb 22, 2025
GeoVision GV-ASWeb with the version 6.1.2.0 or less, contains a Remote Code Execution (RCE)... High Unreviewed
CVE-2025-26264 was published Feb 28, 2025
Spacy-LLM Server-Side Template Injection (SSTI) vulnerability High
CVE-2025-25362 was published for spacy-llm (pip) Mar 5, 2025
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported... High Unreviewed
CVE-2024-53693 was published Mar 7, 2025
The Allow PHP Execute plugin for WordPress is vulnerable to PHP Code Injection in all versions up... High Unreviewed
CVE-2024-13890 was published Mar 8, 2025
The The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-2169 was published Mar 11, 2025
Duplicate Advisory: Keras arbitrary code execution vulnerability High
GHSA-5478-v2w6-c6q7 was published for keras (pip) Mar 11, 2025 withdrawn
LSC Smart Connect LSC Indoor PTZ Camera 7.6.32 is contains a RCE vulnerability in the... High Unreviewed
CVE-2025-25680 was published Mar 11, 2025
Arbitrary Code Execution via Crafted Keras Config for Model Loading High
CVE-2025-1550 was published for keras (pip) Mar 11, 2025
io-no
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for... High Unreviewed
CVE-2025-1119 was published Mar 13, 2025
The Automation Scripting functionality can be exploited by attackers to run arbitrary system... High Unreviewed
CVE-2024-54448 was published Mar 14, 2025
An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR... High Unreviewed
CVE-2024-21760 was published Mar 18, 2025
A vulnerability in langgenius/dify versions <=v0.9.1 allows for code injection via internal SSRF... High Unreviewed
CVE-2024-10252 was published Mar 20, 2025
In binary-husky/gpt_academic version <= 3.83, the plugin `CodeInterpreter` is vulnerable to code... High Unreviewed
CVE-2024-10950 was published Mar 20, 2025
LoLLMS Code Injection vulnerability High
CVE-2024-6982 was published for lollms (pip) Mar 20, 2025
A command injection vulnerability exists in the workflow-checker.yml workflow of significant... High Unreviewed
CVE-2024-8156 was published Mar 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database